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WHAT IS CLAIMED IS: 

1. A method for accessing a service in a distributed computing environment, 
comprising: 

a client locating a first service within the distributed computing environment; 



m 

W 15 



the client requesting a capability credential to allow the client access to a portion 
of the first service's capabilities, wherein said requesting a capability 
10 credential comprises the client indicating a set of desired capabilities; 

the client receiving said capability credential, wherein said capability credential 
indicates that the client has the right to use said portion of the first 
service's capabilities; and 



|4: the client using said capability credential to access one or more of said portion of 

m 

the first service's capabilities. 



m 

yj 2. The method as recited in claim 1, wherein said requesting a capability credential 



20 comprises the client sending a capability credential request message, wherein said 
capability credential request message comprises an identification of said first service and 
an indication of the set of desired capabilities. 

3. The method as recited in claim 2, wherein said identification of said first service 
25 comprises a Universal Unique Identifier (UUID). 

4. The method as recited in claim 2, wherein said capability credential request 
message if formatted in extensible Markup Language (XML). 

30 5. The method as recited in claim 2, further comprising: 
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the client receiving an advertisement for the first service, wherein said 
advertisement describes the portion of the first service's capabilities; and 

wherein said indication of the set of desired capabilities comprises an indication 
of said advertisement. 

6. The method as recited in claim 5, wherein said indication of said advertisement is 
said advertisement itself. 

7. The method as recited in claim 5, wherein said indication of said advertisement is 
a Uniform Resource Identifier (URI) to said advertisement. 

8. The method as recited in claim 5, wherein said advertisement describes all of the 
first service's capabilities, and wherein said indication of said advertisement in said 
capability credential request message in a version of said advertisement edited to describe 
only said set of desired capabilities. 

9. The method as recited in claim 5, wherein said advertisement is a protected 
advertisement that describes the first service's capabilities but does not provide an 
interface to the first service's capabilities. 

10. The method as recited in claim 1, further comprising: 

the client receiving a protected advertisement for the first service, wherein said 
protected advertisement indicates an address for sending said capability 
credential request message to; and 
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wherein said requesting a capability credential comprises the client sending a 
capability credential request message to said address indicated in said 
protected advertisement. 

11. The method as recited in claim 10, wherein said address indicated in said 
protected advertisement is for an authentication service, wherein said sending a capability 
credential request message comprises sending said capability credential request message 
to said authentication service, the method further comprising the authentication service 
sending a credential request response message to the client in response to said capability 
credential request message. 

12. The method as recited in claim 11, wherein said credential request response 
message includes said capability credential, wherein said receiving said capability 
credential comprises receiving said capability credential from said authentication service 
in said credential request response message. 

13. The method as recited in claim 1, further comprising: 

the client receiving a protected advertisement for the first service, wherein said 
protected advertisement indicates an authentication service; and 

wherein said requesting a capability credential comprises the client requesting a 
capability credential from said authentication service. 

14. The method as recited in claim 13, the method further comprising: 

said authentication service determining a level of the first service's capabilities 
that the client is authorized to use; 
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said authentication service generating said capability credential according to said 
level and said set of desired capabilities; and 

said authentication service sending said capability credential to the client, wherein 
said portion of the first service's capabilities that said capability credential 
indicates that the client has a right to use is no more than said set of 
desired capabilities. 

15. The method as recited in claim 14, wherein said portion of the first service's 
capabilities that said capability credential indicates that the client has a right to use is the 
lesser of said level of the first service's capabilities that the client is authorized to use and 
said set of desired capabilities. 

16. The method as recited in claim 1, wherein said using said capability credential to 
access one or more of said portion of the first services capabilities comprises the client 
sending a message to the first service to access a first capability, wherein the message 
includes said capability credential, the method further comprising the first service 
authenticating said capability credential received in the message to verify that the client 
has the right to use said first capability. 

17. A client device, comprising: 

a connection to a distributed computing environment; 

an interface coupled to said connection and configured to locate a first service 
within the distributed computing environment; 

wherein the interface is further configured to request over the connection a 
capability credential for a set of desired capabilities to allow the client on 
the client device access to a portion of the first service's capabilities; 
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wherein the interface is further configured to receive over the connection said 
capability credential, wherein said capability credential indicates that the 
client has the right to use said portion of the first service's capabilities; and 

wherein the interface is further configured to use said capability credential to 
access one or more of said portion of the first service's capabilities. 

18. The client device as recited in claim 17, wherein the interface is configured to 
request a capability credential by sending a capability credential request message, wherein 
said capability credential request message comprises and identification of said first 
service and an indication of the set of desired capabilities. 

19. The client device as recited in claim 18, wherein said identification of said first 
service comprises a Universal Unique Identifier (UUID). 

20. The client device as recited in claim 18, wherein said capability credential request 
message if formatted in extensible Markup Language (XML). 

21. The client device as recited in claim 18, wherein the interface is further 
configured to receive an advertisement for the first service, wherein said advertisement 
describes the portion of the first service's capabilities, and wherein said indication of the 
set of desired capabilities comprises an indication of said advertisement. 

22. The client device as recited in claim 21, wherein said indication of said 
advertisement is said advertisement itself. 

23. The client device as recited in claim 22, wherein said indication of said 
advertisement is a Uniform Resource Identifier (URI) to said advertisement. 
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24. The client device as recited in claim 21, wherein said advertisement describes all 
of the first service's capabilities, and wherein said indication of said advertisement in said 
capability credential request message in a version of said advertisement edited to describe 
only said set of desired capabilities. 

25. The client device as recited in claim 21, wherein said advertisement is a protected 
advertisement that describes the first service's capabilities but does not provide an 
interface to the first service's capabilities. 

26. The client device as recited in claim 17, wherein the interface is further 
configured to receive a protected advertisement for the first service, wherein said 
protected advertisement indicates an address for sending said capability credential request 
message to, and wherein the interface is configured to request a capability credential by 
sending a capability credential request message to said address indicated in said protected 
advertisement. 

27. The client device as recited in claim 26, wherein said address indicated in said 
protected advertisement is for an authentication service, wherein said sending a capability 
credential request message comprises sending said capability credential request message 
to said authentication service. 

28. The client device as recited in claim 27, wherein the interface is configured to 
receive said capability credential from said authentication service in a credential request 
response message. 

29. The client device as recited in claim 17, wherein the interface is further configure 
to: 

receive a protected advertisement for the first service, wherein said protected 
advertisement indicates an authentication service; and 
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request a capability credential by requesting a capability credential from said 
authentication service. 

30. The client device as recited in claim 29, wherein said portion of the first service's 
capabilities that said capability credential indicates that the client has a right to use is the 
lesser of said level of the first service's capabilities that the client is authorized to use and 
said set of desired capabilities. 

31. The client device as recited in claim 17, wherein the interface is configured to use 
said capability credential to access one or more of said portion of the first services 
capabilities for said client by sending a message to the first service to access a first 
capability, wherein the message includes said capability credential so that the first service 
may authenticate said capability credential received in the message to verify that the 
client has the right to use said first capability. 

32. The client device as recited in claim 17, wherein said interface comprises one or 
more processes executable on a processor within the client device. 

33. A carrier medium comprising program instructions, wherein the program 
instructions are computer-executable on a client device to implement: 

locating a first service within the distributed computing environment; 

requesting a capability credential to allow a client on the client device access to a 
portion of the first service's capabilities, wherein said requesting a 
capability credential comprises the client indicating a set of desired 
capabilities; 
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receiving said capability credential, wherein said capability credential indicates 
that the client has the right to use said portion of the first service's 
capabilities; and 

using said capability credential to access one or more of said portion of the first 
service's capabilities. 

34. The carrier medium as recited in claim 33, wherein said requesting a capability 
credential comprises the client sending a capability credential request message, wherein 
said capability credential request message comprises an identification of said first service 
and an indication of the set of desired capabilities. 

35. The carrier medium as recited in claim 34, wherein said identification of said first 
service comprises a Universal Unique Identifier (UUID). 

36. The carrier medium as recited in claim 34, wherein said capability credential 
request message if formatted in extensible Markup Language (XML). 

37. The carrier medium as recited in claim 34, wherein the program instructions are 
computer-executable on the client device to further implement: 

receiving an advertisement for the first service, wherein said advertisement 
describes the portion of the first service's capabilities; and 

wherein said indication of the set of desired capabilities comprises an indication 
of said advertisement. 

38. The carrier medium as recited in claim 37, wherein said indication of said 
advertisement is said advertisement itself. 
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39. The carrier medium as recited in claim 37, wherein said indication of said 
advertisement is a Uniform Resource Identifier (URI) to said advertisement. 

40. The carrier medium as recited in claim 37, wherein said advertisement describes 
all of the first service's capabilities, and wherein said indication of said advertisement in 
said capability credential request message in a version of said advertisement edited to 
describe only said set of desired capabilities. 

41. The carrier medium as recited in claim 37, wherein said advertisement is a 
protected advertisement that describes the first service's capabilities but does not provide 
an interface to the first service's capabilities. 

42. The carrier medium as recited in claim 33, wherein the program instructions are 
computer-executable on the client device to further implement: 

receiving a protected advertisement for the first service, wherein said protected 
advertisement indicates an address for sending said capability credential 
request message to; and 

wherein said requesting a capability credential comprises the client sending a 
capability credential request message to said address indicated in said 
protected advertisement. 

43. The carrier medium as recited in claim 42, wherein said address indicated in said 
protected advertisement is for an authentication service, wherein said sending a capability 
credential request message comprises sending said capability credential request message 
to said authentication service. 
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44. The carrier medium as recited in claim 43, wherein said receiving said capability 
credential comprises receiving said capability credential from said authentication service 
in a credential request response message. 

5 45. The carrier medium as recited in claim 33, wherein the program instructions are 
computer-executable on the client device to further implement: 

receiving a protected advertisement for the first service, wherein said protected 
advertisement indicates an authentication service; and 

10 

wherein said requesting a capability credential comprises the client requesting a 
capability credential from said authentication service. 

46. The carrier medium as recited in claim 45, wherein said portion of the first 
15 service's capabilities that said capability credential indicates that the client has a right to 

use is the lesser of said level of the first service's capabilities that the client is authorized 
to use and said set of desired capabilities. 

47. The carrier medium as recited in claim 33, wherein said using said capability 
20 credential to access one or more of said portion of the first services capabilities comprises 

the client sending a message to the first service to access a first capability, wherein the 
message includes said capability credential so that the first service may authenticate said 
capability credential received in the message to verify that the client has the right to use 
said first capability. 

25 
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